Merge pull request #49755 from mestew/SinglePass

Single pass ADEprereqscript changes

Author: Ja-Dunn

articles/security/TOC.yml

@@ -42,18 +42,24 @@
       items:
       - name: About Azure Disk Encryption
         href: azure-security-disk-encryption-overview.md
+      - name: Quickstarts
+        items:
+        - name: Encrypt VM - Azure PowerShell
+          href: quick-encrypt-vm-powershell.md
       - name: Azure Disk Encryption
         items:
-        - name: Quickstarts
-          items:
-          - name: Encrypt VM - Azure PowerShell
-            href: quick-encrypt-vm-powershell.md
         - name: Disk encryption prerequisites
           href: azure-security-disk-encryption-prerequisites.md
         - name: Disk encryption for Windows VMs
           href: azure-security-disk-encryption-windows.md
         - name: Disk encryption for Linux VMs
           href: azure-security-disk-encryption-linux.md
+      - name: Appendix for disk encryption
+        href: azure-security-disk-encryption-appendix.md
+      - name: Disk encryption FAQ
+        href: azure-security-disk-encryption-faq.md
+      - name: Troubleshooting
+        href: azure-security-disk-encryption-tsg.md
       - name: Azure Disk Encryption with Azure AD app (previous release)
         items:
         - name: Disk encryption with Azure AD app prerequisites 
@@ -62,12 +68,6 @@
           href: azure-security-disk-encryption-windows-aad.md
         - name: Disk encryption with Azure AD app for Linux VMs 
           href: azure-security-disk-encryption-linux-aad.md
-      - name: Appendix for disk encryption
-        href: azure-security-disk-encryption-appendix.md
-      - name: Disk encryption FAQ
-        href: azure-security-disk-encryption-faq.md
-      - name: Troubleshooting
-        href: azure-security-disk-encryption-tsg.md
   - name: Azure Storage security
     href: security-storage-overview.md
   - name: Storage security guide

articles/security/azure-security-disk-encryption-appendix.md

@@ -102,6 +102,23 @@ Before you start, review the [Prerequisites](azure-security-disk-encryption-prer
      Get-AzureKeyVaultSecret -VaultName $KeyVaultName | where {$_.Tags.ContainsKey('DiskEncryptionKeyFileName')} | format-table @{Label="MachineName"; Expression={$_.Tags['MachineName']}}, @{Label="VolumeLetter"; Expression={$_.Tags['VolumeLetter']}}, @{Label="EncryptionKeyURL"; Expression={$_.Id}}
      ```
 
+### <a name="bkmk_prereq-script"></a> Using the Azure Disk Encryption prerequisites PowerShell script
+If you're already familiar with the prerequisites for Azure Disk Encryption, you can use the [Azure Disk Encryption prerequisites PowerShell script](https://raw.githubusercontent.com/Azure/azure-powershell/master/src/ResourceManager/Compute/Commands.Compute/Extension/AzureDiskEncryption/Scripts/AzureDiskEncryptionPreRequisiteSetup.ps1 ). For an example of using this PowerShell script, see the [Encrypt a VM Quickstart](quick-encrypt-vm-powershell.md). You can remove the comments from a section of the script, starting at line 211, to encrypt all disks for existing VMs in an existing resource group. 
+
+The following table shows which parameters can be used in the PowerShell script: 
+
+
+|Parameter|Description|Is Mandatory|
+|------|------|------|
+|$resourceGroupName| Name of the resource group to which the KeyVault belongs to.  A new resource group with this name will be created if one doesn't exist.| True|
+|$keyVaultName|Name of the KeyVault in which encryption keys are to be placed. A new vault with this name will be created if one doesn't exist.| True|
+|$location|Location of the KeyVault. Make sure the KeyVault and VMs to be encrypted are in the same location. Get a location list with `Get-AzureRMLocation`.|True|
+|$subscriptionId|Identifier of the Azure subscription to be used.  You can get your Subscription ID with `Get-AzureRMSubscription`.|True|
+|$aadAppName|Name of the Azure AD application that will be used to write secrets to KeyVault. A new application with this name will be created if one doesn't exist. If this app already exists, pass aadClientSecret parameter to the script.|False|
+|$aadClientSecret|Client secret of the Azure AD application that was created earlier.|False|
+|$keyEncryptionKeyName|Name of optional key encryption key in KeyVault. A new key with this name will be created if one doesn't exist.|False|
+
+
 ## Resource Manager templates
 
 <!--   - [Create a key vault](https://github.com/Azure/azure-quickstart-templates/tree/master/101-key-vault-create) -->

articles/security/azure-security-disk-encryption-prerequisites-aad.md

@@ -133,6 +133,9 @@ The [Azure CLI 2.0](/cli/azure) is a command-line tool for managing Azure resour
 
 
 ## Prerequisite workflow for Key Vault and the Azure AD app
+
+If you're already familiar with the Key Vault and Azure AD prerequisites for Azure Disk Encryption, you can use the [Azure Disk Encryption prerequisites PowerShell script](https://raw.githubusercontent.com/Azure/azure-powershell/master/src/ResourceManager/Compute/Commands.Compute/Extension/AzureDiskEncryption/Scripts/AzureDiskEncryptionPreRequisiteSetup.ps1 ). For more information on using the prerequisites script, see the [Encrypt a VM Quickstart](quick-encrypt-vm-powershell.md) and the [Azure Disk Encryption Appendix](azure-security-disk-encryption-appendix.md#bkmk_prereq-script). 
+
 1. Create a key vault. 
 2. Set up an Azure AD application and service principal.
 3. Set the key vault access policy for the Azure AD app.

articles/security/azure-security-disk-encryption-prerequisites.md

@@ -130,6 +130,7 @@ The [Azure CLI 2.0](/cli/azure) is a command-line tool for managing Azure resour
 
 
 ## Prerequisite workflow for Key Vault
+If you're already familiar with the Key Vault and Azure AD prerequisites for Azure Disk Encryption, you can use the [Azure Disk Encryption prerequisites PowerShell script](https://raw.githubusercontent.com/Azure/azure-powershell/master/src/ResourceManager/Compute/Commands.Compute/Extension/AzureDiskEncryption/Scripts/AzureDiskEncryptionPreRequisiteSetup.ps1 ). For more information on using the prerequisites script, see the [Encrypt a VM Quickstart](quick-encrypt-vm-powershell.md) and the [Azure Disk Encryption Appendix](azure-security-disk-encryption-appendix.md#bkmk_prereq-script). 
 
 1. If needed, create a resource group.
 2. Create a key vault. 

articles/security/quick-encrypt-vm-powershell.md

@@ -24,10 +24,12 @@ If you don't have an Azure subscription, create a [free account](https://azure.m
 
 - Windows PowerShell ISE
 - Install and configure the [latest version of Azure PowerShell](/powershell/azure/install-azurerm-ps)
-- A copy of the [Azure Disk Encryption prerequisites script](https://raw.githubusercontent.com/Azure/azure-powershell/master/src/ResourceManager/Compute/Commands.Compute/Extension/AzureDiskEncryption/Scripts/AzureDiskEncryptionPreRequisiteSetup.ps1 )
+- A copy of the [Azure Disk Encryption prerequisites script](https://raw.githubusercontent.com/Azure/azure-powershell/master/src/ResourceManager/Compute/Commands.Compute/Extension/AzureDiskEncryption/Scripts/AzureDiskEncryptionPreRequisiteSetup.ps1).
+    - If you have this script already, download a new copy as it has recently changed. 
     - Use **CTRL-A** to select all the text then use **CTRL-C** to copy all the text into Notepad.
     - Save the file as **ADEPrereqScript.ps1**
 
+
 ## Sign in to Azure
 
 1. Right-click **Windows PowerShell ISE** and click **Run as administrator**.